Open depfu[bot] opened 2 months ago
Review changes with SemanticDiff.
Dereferencing pointers to objects that have already been freed opens the door to execution of arbitrary code. Attackers may be able to insert instructions at the freed memory location in order to trigger the exploit when the pointer is used after the memory has been freed.
Unable to locate .performanceTestingBot config file
Pull request analysis by VIZIPI
Below you will find who is the most qualified team member to review your code. This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes ( partly found within the list of potential missing files below ) Feedback always welcome
Match % | Person | Commit Count | Common Files |
---|---|---|---|
100.00% | GitHub Teacher | 4 | 1 |
100.00% | reedhhw | 2 | 1 |
No commonly committed files found with a 40% threashold
99.13%
[Gemfile.lock]
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ html-proofer (5.0.8 → 5.0.9) · Repo · Changelog
Release Notes
5.0.9
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ Ascii85 (indirect, 1.1.0 → 1.1.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ addressable (indirect, 2.8.5 → 2.8.6) · Repo · Changelog
Release Notes
2.8.6 (from changelog)
Does any of this look wrong? Please let us know.
↗️ async (indirect, 2.6.3 → 2.11.0) · Repo
Release Notes
2.11.0
2.10.2
2.10.1
2.10.0
2.9.0
2.8.2
2.8.1
2.8.0
2.7.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ console (indirect, 1.23.1 → 1.25.2) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ ffi (indirect, 1.15.5 → 1.16.3) · Repo · Changelog
Release Notes
1.16.3 (from changelog)
1.16.2 (from changelog)
1.16.1 (from changelog)
1.16.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ fiber-local (indirect, 1.0.0 → 1.1.0) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ io-event (indirect, 1.2.3 → 1.5.1) · Repo
Release Notes
1.4.3
1.4.0
1.3.2
1.3.1
1.3.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ mini_portile2 (indirect, 2.8.4 → 2.8.6) · Repo · Changelog
Release Notes
2.8.6
2.8.5
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ nokogiri (indirect, 1.15.4 → 1.16.5) · Repo · Changelog
Security Advisories 🚨
🚨 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader
🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader
🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Release Notes
1.16.5
1.16.4
1.16.3
1.16.2
1.16.1
1.16.0
1.15.6
1.15.5
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ pdf-reader (indirect, 2.11.0 → 2.12.0) · Repo · Changelog
Release Notes
2.12.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ racc (indirect, 1.7.1 → 1.7.3) · Repo · Changelog
Release Notes
1.7.3
1.7.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ ttfunk (indirect, 1.7.0 → 1.8.0) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ typhoeus (indirect, 1.4.0 → 1.4.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ zeitwerk (indirect, 2.6.11 → 2.6.14) · Repo · Changelog
Release Notes
2.6.13 (from changelog)
2.6.12 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
🆕 bigdecimal (added, 3.1.8)
🆕 fiber-storage (added, 0.1.0)
🆕 json (added, 2.7.2)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands